Incomplete Cleanup
CVE-2023-41835
Summary
When a Multipart request is performed but some of the fields exceed the "maxStringLength" limit, the upload files will remain in "struts.multipart.saveDir" even if the request has been denied. Users are recommended to upgrade to versions, that fixes this issue. This issue affects the package org.apache.struts:struts2-core versions through 2.5.31, 6.0.0 through 6.1.2.1, and 6.2.0 through 6.3.0.0.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-459 - Incomplete Cleanup
The software does not properly "clean up" and remove temporary or supporting resources after they have been used.
References
Advisory Timeline
- Published